Full Day, information security summit happening in New Jersey on October 25th. At this all day event, learn from industry experts on topics of information security. There is no charge for this event however <b> YOU MUST RSVP </b> if you are not on the RSVP list or have Photo ID, Verizon Security will NOT PERMIT YOU IN THE BUILDING.

TOPIC: <b>Ready...Set...Click </b> We can no longer think about consumer interaction and security as two different topics on opposite ends of the spectrum. They're two very important and very inter-related topics that affect everyone. The speech will describe real world flaws, poorly designed security and what hackers are doing to exploit today's websites. Lastly, it will show some forward thinking mitigation tactics.

−

SPEAKER:

+

<h3> Application Cryptanalysis Made Easy (1 Day Training)</h3>

−

Robert "RSnake" Hansen. He has worked in the security industry since the mid 1990s and helped pioneer leading banner advertising and click fraud detection solutions. During his tenure at eBay, Mr. Hansen worked on anti-cross site scripting, anti-phishing, anti-virus and web application intrusion detection and countermeasures and was directly responsible for the company's entire authentication architecture. For many years he ran the managed security services product lines for Cable & Wireless. He has spoken at Blackhat, Microsoft's Bluehat, the Rotary, OWASP, the Gartner security round table and at Networld+Interop. He is a member of WASC, OWASP, ISC2, APWG and ISSA.

+

−

---

+

Use of cryptography permeates today's computing infrastructures. While few programmers attempt to implement sophisticated cryptosystems, many unwittingly develop simple protocols in every day applications without adequate knowledge of how cryptographic primitives should be combined. In this training we explore several techniques for analyzing and breaking the kinds of cryptographic protocols which are commonly found in modern applications.

−

TOPIC: <b>Dig Your Own Hole: 12 Ways to Go Wrong with Java Security</b> This session explores 12 of the most common security traps in Java. This session doesn’t include a review of 10–year–old guidelines for writing secure applets with JDK 1.1. Instead, it looks at causes of security failures in modern Java–based applications. Approaching security with an “outside in” style, it looks at vulnerabilities from a developer’s perspective, focusing on the source code.

+

Attendees will first be presented with a brief review of cryptographic primitives and their uses, followed by an introduction of several techniques to analyze cryptographic systems in a black-box manner. In each case, the discussion will describe how programmers can avoid making the common mistakes that allow these attacks to succeed.

TOPIC: <b>BS7799/ISO17799/ISO27001 What is it... Why do you care?</b> Organizations may be certified compliant with ISO 27001 by a number of accredited certification bodies worldwide. Certification against any of the recognized national variants of ISO 27001 (e.g. the Japanese version) by an accredited certification body is functionally equivalent to certification against ISO 27001 itself. Certification audits are usually led/conducted by ISO 27001 Lead Auditors.

+

This class provides developers an exciting chance to hone their programming skills while also learning to exploit common web vulnerabilities. Unlike most training, this will not use static demos based on pre-canned source code. Students will program small parts of a larger application during the class’s lab periods. After the component has been written, students will review the code for the vulnerability being focused on in the lab. Vulnerable code will be run on a class-accessible server while the instructor guides students through exploiting the vulnerabilities. After the vulnerability is exploited, students will be shown how their own code can be fixed (if it was vulnerable) and the best way to prevent the flaw in the first place.

−

SPEAKER: Mahi Dontamsetti

+

This full process will be performed for all major code vulnerabilities in the OWASP Top Ten. Exploitation and patching labs (but not programming) will be held for other vulnerabilities, including logic flaws that are hard to represent on the Top Ten. Several labs will feature prizes for the students that first find or exploit the targeted vulnerability. Environments and examples will be setup for all major platforms requested by pre-registered students. Students should bring a laptop with them, preferably with VMWare Player already installed. A virtual machine based on the OWASP Live Boot CD will be provided for lab work. The virtual machine will include development tools, but students should feel free to bring their favorite programs too.

Mobile applications enable new threats and attacks which introduce significant risks to the enterprise, and many custom applications contain significant vulnerabilities that are unknown to the team that developed them. Considering the number of mobile applications available in the Google Play and Apple AppStore is nearing 1.5 million and vulnerabilities are skyrocketing it is imperative to perform typical application security practices. But, how is mobile different?

−

---

+

This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain.

Who are the active chapter members that are helping to build a robust chapter in 2012?

−

To submit educational topic for upcoming meeting please provide submit your powerpoint using the [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] and include a speaker BIO. If you wish to become a sponsor or co-sponsor please click on one of the below email addresses of our active board members.

OWASP New Jersey

Software Security Training

Where:
Hotel Pennsylvania
401 7th Avenue
Between 32nd and 33rd Streets
New York, New York 10001

Application Cryptanalysis Made Easy (1 Day Training)

Use of cryptography permeates today's computing infrastructures. While few programmers attempt to implement sophisticated cryptosystems, many unwittingly develop simple protocols in every day applications without adequate knowledge of how cryptographic primitives should be combined. In this training we explore several techniques for analyzing and breaking the kinds of cryptographic protocols which are commonly found in modern applications.

Attendees will first be presented with a brief review of cryptographic primitives and their uses, followed by an introduction of several techniques to analyze cryptographic systems in a black-box manner. In each case, the discussion will describe how programmers can avoid making the common mistakes that allow these attacks to succeed.

This class provides developers an exciting chance to hone their programming skills while also learning to exploit common web vulnerabilities. Unlike most training, this will not use static demos based on pre-canned source code. Students will program small parts of a larger application during the class’s lab periods. After the component has been written, students will review the code for the vulnerability being focused on in the lab. Vulnerable code will be run on a class-accessible server while the instructor guides students through exploiting the vulnerabilities. After the vulnerability is exploited, students will be shown how their own code can be fixed (if it was vulnerable) and the best way to prevent the flaw in the first place.

This full process will be performed for all major code vulnerabilities in the OWASP Top Ten. Exploitation and patching labs (but not programming) will be held for other vulnerabilities, including logic flaws that are hard to represent on the Top Ten. Several labs will feature prizes for the students that first find or exploit the targeted vulnerability. Environments and examples will be setup for all major platforms requested by pre-registered students. Students should bring a laptop with them, preferably with VMWare Player already installed. A virtual machine based on the OWASP Live Boot CD will be provided for lab work. The virtual machine will include development tools, but students should feel free to bring their favorite programs too.

Securing Mobile Devices and Applications (2 Day Training Course)

Mobile applications enable new threats and attacks which introduce significant risks to the enterprise, and many custom applications contain significant vulnerabilities that are unknown to the team that developed them. Considering the number of mobile applications available in the Google Play and Apple AppStore is nearing 1.5 million and vulnerabilities are skyrocketing it is imperative to perform typical application security practices. But, how is mobile different?

This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain.